Cryptolocker, Trojan.cryptolocker, Trojan.downloader.cryptolocker


Cryptolocker encrypts files on the compromised computer and demands a ransom to provide the decryption key needed to decrypt the files.


Automatic action

F-Secure detects Cryptolocker malware using a variety of generic detections. Once detected, the F-Secure security product will automatically remove the file.

Restore from backup

Like most ransomware, though the malware itself can be removed, the encryption used to take the files hostage is sufficient to make it very difficult to decrypt the files without the necessary decryption key.

In such circumstances, the recommended course of action is to report the crime to the relevant authorities and restore the affected data from a backup.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Cryptolocker is ransomware that is spread by both malicious file attachments to email messages and via the Gameover Zeus botnet. When Cryptolocker is run, it encrypts files on the compromised machine and displays a message informing the user that a decryption key must be purchased in order to recover access to the files held at ransom.

For more information, see:

Further analysis

If you believe you have encountered an undetected Cryptolocker sample, please send it to us for analysis via our Submit A Sample (SAS) page.


Update: 10 February, 2015: Details of the CTB-Locker ransomware which were originally posted in this description have now been moved to a separate description, Trojan:W32/CTB-Locker, to minimize confusion between these two ransomware families.

Date Created: -

Date Last Modified: -